The benefits of the cloud are well publicized: reduced cost, faster time to market, and transitioning from Capex to Opexto name a few. But over the last 5 years, IT departments have been surprisingly slow to fully embrace the cloud. Their number one concern: security of corporate data in the cloud.

Meanwhile, employees accustomed to using web applications outside the office aren’t waiting for the go ahead from IT. Gartner estimates 35% of technology purchases will be made outside the IT department by 2015.  With data migrating to approved and unapproved cloud services, how secure is that data? In fact, are you even aware of what cloud services your employees are using?

Upon analyzing data in networking log files, companies often find 10x more cloud services in use by employees than they were expecting to find. While the pervasiveness of so-called “Shadow IT” (unapproved IT services procured and managed outside of IT) may seem daunting, IT security teams can take control and proactively secure their data in the cloud by following these 5 simple and straightforward steps.

1. Understand Your Cloud Usage and Exposure

2. Create a Data Security Policy and Enforce It

3. Minimize the Risk of Data Breaches

4. Maintain Vigilance against Malware and Malicious Insiders

5. Protect Data from Loss

The risks of shadow IT:
SAM compliance: Software asset management (SAM) is a big challenge to the software when IT has decent processes for managing the procurement of software licences.
Governance and standards: Organisations invest heavily to enforce they comply with regulations imposed by government and industry.

Lack of testing and change control: Managing the cycle of change and release taxing but a new layer of complexity is introduced when third parties need to be included in the process.

When the IT and Security teams come to realize the volume of cloud services in use, the massive size of Shadow IT, and the magnitude of cloud data security risk due to Shadow IT, it’s always a real eye opener.  The more number of cloud services running speaks to several exploding trends – cloud computing, bring your own device (BYOD) .

Feelings toward shadow IT are mixed; some IT administrators fear that if shadow IT is allowed, end users will create data and prevent information from flowing freely throughout the organization. Other administrators believe that in a fast-changing business world, the IT department must encircle shadow IT for the innovation it supplies and create policies for overseeing.